9 matches found
CVE-2026-11370
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
EUVD-2026-38660
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
CVE-2026-11370 WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter
The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'newlink' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations...
PT-2026-51669
Name of the Vulnerable Software and Affected Versions WP Meta SEO versions prior to 4.5.19 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. Authenticated user...
EUVD-2025-176526
Malicious code in sanitize-new-link-code-void npm...
CVE-2025-39874
In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Description The plugin does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. 1. Add a new shortened link in the interface...
Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 (KB5002111)
Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 KB5002111 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the...
ANE CMD CRSF - Arbitrary Add Admin
======================================================================= AneCMS CSRF Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company aksitservices Credit by Pratul Agrawal...